How to Spot a Phishing Scam Before It's Too Late
According to a report by the SANS Institute, a respected cybersecurity training and certification organization, 95 percent of all cyberattacks are the result of a successful phishing email. This statistic highlights both the prevalence of these attacks and the risk they pose. A phishing attack sends deceptive emails that appear to come from a trusted source in order to trick individuals into revealing sensitive data or installing malware.
The sophistication of these attacks is increasing, making it more challenging for individuals and businesses to protect themselves. Attacks are not limited to large, publicly traded companies. They have serious consequences for businesses of all sizes, as well as individuals and families.
Why Should I Care?
Phishing gets people to disclose sensitive information like usernames, passwords, and credit card details. Typically, phishing attacks are carried out via email, but they can also occur through other means, such as text messages, social media, phone calls, or fake websites.
Remember, it’s important that everyone takes the threat of phishing seriously. These attacks can lead to serious issues like identity theft or financial loss.
Here are the top 10 warning signs:
Suspicious source. Check the email address carefully. It may be a slight variation on a legitimate one or completely unrelated to the supposed sender or organization.
Urgent or threatening language. Phishing emails often create a sense of urgency or fear, prompting quick action. They might threaten account closure, legal action, or other negative consequences.
Unsolicited requests for personal information. Legitimate organizations usually don’t ask for sensitive data like passwords, social security numbers, or bank details via email.
Generic greetings. Phishing emails often use general greetings like “Dear Customer” instead of your actual name, indicating a mass email rather than a personal communication.
Spelling and grammar errors. Not all hackers are using AI, so spelling and grammar errors are still a red flag. Professional organizations typically send out well-written emails.
Mismatched URLs. Hover over links in the email (without clicking) to see the actual URL. If it doesn’t match the context of the email or looks suspicious, it might be a phishing attempt.
Unusual attachments. Be very wary of unexpected email attachments, especially from unknown senders.
Inconsistent design. Look for inconsistencies in email formatting, logo quality, and overall design compared to previous communications from the same sender.
Too-good-to-be-true offers. Scams like the long-lost uncle who left you millions and the Nigerian prince who needs a wire transfer are still being used because, somehow, there are people who still fall for them.
Requests to verify account details. Phishing emails may ask you to click a link to verify your account details. Legitimate organizations don’t ask for verification of sensitive data via email.
Here is a real-world example…
A business owner walked into his office and his assistant said, “Hey boss, I am working on that $50,000 wire transfer. It should go out shortly.”
Puzzled, the boss responded, “What $50,000 wire?” His assistant replied, “The one you emailed me about this morning.”
Huh? He asked to see the email. When she pulled it up, they both saw that it appeared to come from him, his name was spelled correctly, and so it looked legit.
Now he started thinking they had a cybersecurity issue. But when they looked closer, they saw that there was a small misspelling of the domain name, with the letter “m” changed to “rn”.
Aha, it was a very crafty phishing email. Luckily, that wire transfer was never sent.
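The "m" swapped for "rn" trick in this story can be caught automatically. The sketch below is an added example, not part of the original article: it compares a sender's domain against a list of domains you trust after collapsing look-alike character sequences. The domain names, the TRUSTED list, and the short CONFUSABLES table are constructed for illustration and are not a complete set.

```python
from email.utils import parseaddr

# Small illustrative set of look-alike substitutions (assumption, not exhaustive).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]

# Constructed sample: domains this mailbox legitimately receives mail from.
TRUSTED = {"summitfirm.example"}

def skeleton(domain):
    """Collapse visually confusable sequences so look-alikes compare equal."""
    s = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s

def sender_domain(from_header):
    """Extract the domain from a From: header; '' if there is no address."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower()

def check_sender(from_header, trusted=TRUSTED):
    """Return (verdict, matched_trusted_domain_or_None) for a From: header."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", None)
    if domain in trusted:
        return ("trusted", domain)
    # Skeletonize both sides so a trusted name that itself contains "rn"
    # still matches a fake that uses "m", and the other way around.
    by_skeleton = {skeleton(t): t for t in trusted}
    match = by_skeleton.get(skeleton(domain))
    if match:
        return ("lookalike", match)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed headers: the display name is identical, only the domain differs.
    for header in ("Pat Owner <pat@summitfirm.example>",
                   "Pat Owner <pat@surnmitfirm.example>",
                   "Newsletter <news@other.example>"):
        print(header, "->", check_sender(header))
```

A "lookalike" verdict is a reason to verify the request through another channel, such as a phone call to a known number, before acting on it.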
Remember, legitimate organizations will never demand immediate action, use scare tactics, demand sensitive information over the phone, or ask for passwords or PINs (personal identification numbers).
Always take your time to verify the legitimacy of the email. Phishing, which often involves deceptive emails to steal sensitive data, can lead to identity theft, financial loss, and unauthorized access to personal or corporate networks.
Protecting against phishing attacks is critical due to their potential to cause significant harm, both personally and professionally.
For more information on protecting yourself, your family or your small to midsize business, subscribe to my Substack @cyberphil.
Or, for detailed step-by-step instructions on how to protect yourself, purchase my book, Cybersecurity: Everything You, Your Family and Every Small Business Owner Needs to Know.
